"But grandmother! What big ears you have," said Little Red Riding Hood.“Yes, they are to help me listen to the rights of citizens.”

As we all know, the General Data Protection Regulation (GDPR) isn’t a fairy-tale – it is very real and it comes into effect on the 25th May 2018. We also know that it is the most important change in European data law in the past 20 years, and there are no Brexit exemptions for UK organisations.

Let’s go back and see how Little Red is getting on with the GDPR wolf…

Once upon a time there, were three little pigs (you know the story!) and it just so happened they passed Little Red, and noticed that she was in trouble, and called on Little Red to join them in the sanctuary of the straw house.

The wolf shouted: “Let me in or I will huff and puff and blow your house down!”The smart pigs replied: “We aren’t scared – we have employed a Data Protection Officer (DPO) and we have this covered.”

Unfortunately, the wolf huffed and he puffed and he blew the straw house down. Just having a DPO wasn’t enough to save the three little pigs and Little Red. Luckily, they had another sanctuary and ran to the house made of sticks.

The wolf shouted: “Let me in or I will huff and puff and blow your house down!”The smart pigs replied: “We aren’t scared – we have raised awareness of GDPR in the company and reviewed all privacy features, and we have this covered.”

Unfortunately, the wolf huffed and he puffed and he blew the straw house down. Having policies, procedures and dedicated staff to ensure readiness for GDPR was great, but something was still missing. Luckily, they had another sanctuary and ran to the house made of stone.

The wolf shouted: “Let me in or I will huff and puff and blow your house down!”The smart pigs replied: “We aren’t scared – we have Master Data Management (MDM) in place.”

And this time, the smart pigs really were safe – thanks to MDM, they had a single view of the customer and their consent, and a single repository that knew where all their data was held. They were able to protect individuals’ rights and handle Subject Access Requests. Everything was covered.

Let’s pause the story for a second.

It is clear that your organisation needs to have a multi-faceted strategy to prepare for GDPR. Ensuring that you have a Data Protection Officer, and a clear strategy to review and enhance procedures, is essential. However, to realise the goals of the DPO and execute on the strategy, MDM software is also essential.

A fit-for-purpose MDM has two key features that enable the GDPR strategy:

A single repository of customer data, demographics and consent – without this, the DPO will be unable to begin to document all of the data that is stored about a customer within the organisation.

A single view of all systems that contain customer data – without this, the organisation will struggle to meet data discovery and classification goals, and most importantly it will fail to meet the rights of the customer, be it the right of access, the right to erasure, or any of the other rights enshrined in the new legislation.

Back to our story…

Little Red and the Three Little Pigs have just met their friend Jack, who is holding a hen that lays Golden Records.

“Tell us more, Jack,” said Little Red.“My hen eats up customer data from different sources and lays Golden Records. This means that MDM is not only a data foundation tool to support GDPR requirements, but also an enabler for lots of other strategic, value-add programmes, from CRM refreshes to digital transformation and even cross-sell and upsell campaigns.”

And there’s your fairy-tale ending – by implementing MDM, you not only put yourself in good stead for GDPR compliance but unlock a wealth of other benefits made possible by a single customer view. Whether you want to improve data quality and availability, deliver better reports or enhance the customer experience, the Golden Record is indispensable – and demonstrates that MDM has value far beyond the GDPR alone.